API Keys
Create and manage API keys for authenticating with the WhoWorked API.
All API requests require authentication via a Bearer token. API keys are scoped to a single workspace.
Creating an API key
- Open the WhoWorked app.
- Navigate to Settings → API Keys.
- Click Create API Key.
- Choose a name and select the scopes your integration needs.
- Copy the key immediately — it won't be shown again.
Using your API key
Include the key in the Authorization header:
curl https://api.whoworked.com/v1/projects \
-H "Authorization: Bearer ww_sk_..."Key format
API keys use the prefix ww_sk_ followed by a random string. If you see a key without this prefix, it may be from an older version — regenerate it.
Revoking keys
You can revoke a key at any time from Settings → API Keys. Revoked keys immediately stop working. There is no undo.
Rate limits
API keys are subject to rate limiting. Current limits:
- 100 requests per minute per key.
- Exceeding the limit returns
429 Too Many Requests.
Include a short delay between bulk operations, or use the batch endpoints where available.